hadoop-hdfs-issues mailing list archives

From "HeeSoo Kim (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-9525) hadoop utilities need to support provided delegation tokens
Date Mon, 14 Dec 2015 21:59:46 GMT

    [ https://issues.apache.org/jira/browse/HDFS-9525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056795#comment-15056795 ]

HeeSoo Kim commented on HDFS-9525:

[~daryn], [~aw] Thank you for your feedback.
An enhanced fetchdt is probably the best solution to sidestep the lack of realm trust.
That's right. We can use fetchdt to get the token from an untrusted-realm cluster.
However, WebHDFS still has a problem using the token that was obtained with fetchdt.

I changed the code to support the following features.
# It supports multiple token files when we fetch the delegationToken from the target filesystem using fetchdt.
# If we want to distcp from a non-Kerberos cluster to a Kerberos cluster, WebHDFS does not use the delegationToken even if the ugi has the WebHDFS token. It supports using the token for WebHDFS on a non-Kerberos cluster.

> hadoop utilities need to support provided delegation tokens
> -----------------------------------------------------------
>                 Key: HDFS-9525
>                 URL: https://issues.apache.org/jira/browse/HDFS-9525
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Allen Wittenauer
>            Assignee: HeeSoo Kim
>            Priority: Blocker
>             Fix For: 3.0.0
>         Attachments: HDFS-7984.001.patch, HDFS-7984.002.patch, HDFS-7984.003.patch, HDFS-7984.004.patch, HDFS-7984.005.patch, HDFS-7984.006.patch, HDFS-7984.007.patch, HDFS-7984.patch
>
> When using the webhdfs:// filesystem (especially from distcp), we need the ability to inject a delegation token rather than have webhdfs initialize its own.  This would allow for cross-authentication-zone file system accesses.

This message was sent by Atlassian JIRA
